Discover Performance: HP Software's community for IT leaders // February 2012
Five trends reshaping enterprise security
Mobility, consumerization … It’s time to rethink enterprise security in terms of five emerging trends and the four-step response they demand.
Threats to your IT systems are more persistent, sophisticated and unpredictable than ever. Every business decision has inherent risk, and it’s essential to make decisions based on the cost and potential value of that risk.
Five recent trends are having a significant impact on risk:
- Consumerization—Enterprise employees bring personal devices to work and take work devices home, which makes controlling network access, identity, application permissions and other elements more difficult.
- Mobility—Data has a level of mobility never experienced before, requiring mobile devices to accommodate secure operations.
- Cloud—The benefits of cloud computing include leveraging standardized applications, reducing maintenance, implementing pay-per-use models and lowering capital expenditures. But along with the benefits comes risk to compliance, privacy and transaction security.
- Cyber-threats—The range and potential damage of cyber-threats increase daily. Today’s most damaging cyber-attacks use multiple points of entry, staged over time, so that each step avoids individual detection while together they pose a major threat.
- Social media—The ability to aggregate and correlate data shared on Twitter, Facebook or LinkedIn makes it much easier for sensitive information to be exposed inadvertently.
Build a sustainable security ecosystem
A traditional approach to enterprise security gives you bolted-on point solutions—an uncoordinated bunch of unrelated products and services. That’s not enough. Nearly half of all enterprises have a designated CISO whose primary job is to protect information capital, and if you are that CISO, you’re probably already rethinking enterprise security in a broader context.
You need to think about:
- New landscapes: managing risk in the era of consumerization of IT, mobile computing, cloud adoption, cyber-threats and the spread of social media technologies.
- New foes: protecting against increasingly sophisticated threats.
- New tools: improving detection of, and reaction time to, security incidents.
- New internal pressures: reducing administration costs and efficiently spending security dollars.
- New regulatory pressures: achieving compliance predictably and cost-effectively.
Address these priorities by establishing a framework to link information security management and governance with the operations and technology required to achieve end-to-end security. Such a holistic, start-to-finish approach is the only way to effectively, intelligently manage risk in this era.
End-to-end security in four phases
Traditional approaches to security are often fragmented and impose constraints on users. The HP approach encompasses four phases:
- Assess your risk tolerance profile, compliance requirements, operational requirements, organizational capabilities and resources.
- Transform your organization’s approach to security from managing it in silos to taking a holistic view.
- Manage the associated security transformation programs required to deliver security most effectively.
- Optimize by continually monitoring the environment to proactively recommend operational and process improvements and initiatives that will deliver an enhanced security and risk posture.
The challenge is to develop a strategy that applies this phased approach to the areas of your business that must be secured today: data and information, applications, identity, endpoint and network.
For more about what to consider when rethinking your approach to enterprise security, read the white paper, “Rethinking your Enterprise Security: Critical Priorities to Consider,” and visit HP Enterprise Security.